pam/pam.spec

%define major	0
%define libname %mklibname %{name} %{major}
%define libnamec %mklibname %{name}c %{major}
%define libname_misc %mklibname %{name}_misc %{major}
%define develname %mklibname %{name} -d

%define with_prelude 0
%{?_without_prelude: %{expand: %%global with_prelude 0}}
%{?_with_prelude: %{expand: %%global with_prelude 1}}

%define bootstrap 0
%{?_without_bootstrap: %global bootstrap 0}
%{?_with_bootstrap: %global bootstrap 1}

%define pam_redhat_version 0.99.10-1

Epoch:	1

Summary:	A security tool which provides authentication for applications
Name:		pam
Version:	1.1.8
Release:	2
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
License:	BSD and GPLv2+
Group:		System/Libraries
Url:		http://www.kernel.org/pub/linux/libs/pam/index.html
Source0:	ftp://ftp.kernel.org/pub/linux/libs/pam/library/Linux-PAM-%{version}.tar.bz2
Source2:	pam-redhat-%{pam_redhat_version}.tar.bz2
Source5:	other.pamd
Source6:	system-auth.pamd
Source7:	config-util.pamd
Source8:	dlopen.sh
Source9:	system-auth.5
Source10:	config-util.5
Source11:	postlogin.pamd
Source12:	postlogin.5
Source13:	pamtmp.conf
Source14:	90-nproc.conf
#add missing documentation
Source501: 	pam_tty_audit.8
Source502:	README

# RedHat patches
Patch1:  pam-1.0.90-redhat-modules.patch
Patch2:  pam-1.1.6-std-noclose.patch
Patch4:  pam-1.1.0-console-nochmod.patch
Patch5:  pam-1.1.0-notally.patch
Patch7:  pam-1.1.0-console-fixes.patch
Patch9:  pam-1.1.6-noflex.patch
Patch10: pam-1.1.3-nouserenv.patch
Patch11: pam-1.1.3-console-abstract.patch
Patch13: pam-1.1.5-limits-user.patch
Patch22: pam-1.1.7-unix-build.patch
Patch32: pam-1.1.7-tty-audit-init.patch

# ROSA specific sources/patches
# (fl) fix infinite loop
Patch507:	pam-0.74-loop.patch
# (fc) 0.75-29mdk don't complain when / is owned by root.adm
Patch508:	Linux-PAM-0.99.3.0-pamtimestampadm.patch
# (fl) pam_xauth: set extra groups because in high security levels
#      access to /usr/X11R6/bin dir is controlled by a group
Patch512:	Linux-PAM-1.1.1-xauth-groups.patch
# (tv/blino) add defaults for nice/rtprio in /etc/security/limits.conf
Patch517:	Linux-PAM-0.99.3.0-enable_rt.patch
# (blino) fix parallel build (pam_console)
Patch521:	Linux-PAM-0.99.3.0-pbuild-rh.patch

Patch700:	pam_fix_static_pam_console.patch
# (fc) do not output error when no file is in /etc/security/console.perms.d/
Patch701:	pam-1.1.0-console-nopermsd.patch
# (proyvind): add missing constant that went with rpc removal from glibc 2.14
Patch702:	Linux-PAM-1.1.4-add-now-missing-nis-constant.patch

# (akdengi> add user to default group users which need for Samba
Patch801:	Linux-PAM-1.1.4-group_add_users.patch

BuildRequires:	bison
BuildRequires:	cracklib-devel
BuildRequires:	flex
%if !%{bootstrap}
# this pulls in the mega texlive load
BuildRequires:	linuxdoc-tools
%endif
BuildRequires:	db_nss-devel
BuildRequires:	openssl-devel
BuildRequires:	libaudit-devel
BuildRequires:	glibc-crypt_blowfish-devel
BuildRequires:  gettext-devel
%if %with_prelude
BuildRequires:	prelude-devel >= 0.9.0
%else
BuildConflicts:	prelude-devel
%endif
Requires:	cracklib-dicts
Requires:	setup >= 2.7.12-2
Requires:	pam_tcb >= 1.0.2-16
Requires(pre):	rpm-helper
Requires(post):	coreutils
Requires(post):	tcb >= 1.0.2-16
Conflicts:	%{_lib}pam0 < 1.1.4-5
Requires: libpwquality >= 0.9.9


%description
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policy without
having to recompile programs that handle authentication.

%package	doc
Summary:	Additional documentation for %{name}
Group:		System/Libraries
Requires:	%{name} = %{EVRD}

%description	doc
This is the documentation package of %{name}.

%package -n	%{libname}
Summary:	Library for %{name}
Group:		System/Libraries
Conflicts:	pam < 1.1.4-5

%description -n	%{libname}
This package contains the library libpam for %{name}.

%package -n	%{libnamec}
Summary:	Library for %{name}
Group:		System/Libraries
Conflicts:	%{_lib}pam0 < 1.1.4-5

%description -n	%{libnamec}
This package contains the library libpamc for %{name}.

%package -n	%{libname_misc}
Summary:	Library for %{name}
Group:		System/Libraries
Conflicts:	%{_lib}pam0 < 1.1.4-5

%description -n	%{libname_misc}
This package contains the library libpam_misc for %{name}.

%package -n	%{develname}
Summary:	Development headers and libraries for %{name}
Group:		Development/Other
Requires:	%{libname} = %{EVRD}
Requires:	%{libnamec} = %{EVRD}
Requires:	%{libname_misc} = %{EVRD}
Provides:	%{name}-devel = %{EVRD}

%description -n	%{develname}
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policy without
having to recompile programs that handle authentication.

This package contains the development libraries for %{name}.

%prep
%setup -q -n Linux-PAM-%{version} -a 2

# Add custom modules.
mv pam-redhat-%{pam_redhat_version}/* modules

%apply_patches

install -m644 %{SOURCE501} %{SOURCE502} modules/pam_tty_audit/

mkdir -p doc/txts
for readme in modules/pam_*/README ; do
	cp -f ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'`
done

#libtoolize -cf
autoreconf -ifs -I m4

%build
export BROWSER=""
CFLAGS="$RPM_OPT_FLAGS -fPIC -I%{_includedir}/db_nss -D_GNU_SOURCE" \
%configure2_5x \
	--sbindir=/sbin \
	--libdir=/%{_lib} \
	--includedir=%{_includedir}/security \
	--with-db-uniquename=_nss \
	--docdir=%{_docdir}/%{name} \
	--disable-selinux \
	--disable-prelude
%make

%install
mkdir -p %{buildroot}%{_includedir}/security
mkdir -p %{buildroot}/%{_lib}/security
%makeinstall_std LDCONFIG=:
install -d -m 755 %{buildroot}/etc/pam.d
install -m 644 %{SOURCE5} %{buildroot}/etc/pam.d/other
install -m 644 %{SOURCE6} %{buildroot}/etc/pam.d/system-auth
install -m 644 %{SOURCE7} %{buildroot}/etc/pam.d/config-util
install -m 644 %{SOURCE11} %{buildroot}/etc/pam.d/postlogin
install -m 600 /dev/null %{buildroot}%{_sysconfdir}/security/opasswd
install -d -m 755 %{buildroot}/var/log
install -m 600 /dev/null %{buildroot}/var/log/tallylog
install -m 644 %{SOURCE14} %{buildroot}%{_sysconfdir}/security/limits.d/90-nproc.conf

# Install man pages.
install -m 644 %{SOURCE9} %{SOURCE10} %{SOURCE12} %{buildroot}%{_mandir}/man5/

# no longer needed, handled by ACL in udev
for phase in auth acct passwd session ; do
	ln -sf pam_unix.so %{buildroot}/%{_lib}/security/pam_unix_${phase}.so
done

# cleanup
rm -f %{buildroot}/%{_lib}/security/*.la
rm -f %{buildroot}/%{_lib}/*.la

#Set suid bit for /sbin/unix_chkpwd (bug #3169)
chmod u+s %{buildroot}/sbin/unix_chkpwd

# Install the file for autocreation of /var/run subdirectories on boot
mkdir -p %{buildroot}%{_prefix}/lib/tmfiles.d/
install -m644 -D %{SOURCE13} %{buildroot}%{_prefix}/lib/tmpfiles.d/pam.conf

# For drakauth copy system-auth to system-auth-default
cp -f %{buildroot}/etc/pam.d/system-auth %{buildroot}/etc/pam.d/system-auth-default

%find_lang Linux-PAM

%check
# (blino) we don't want to test if SE Linux is built, it's disabled
# Make sure every module subdirectory gave us a module.  Yes, this is hackish.
for dir in modules/pam_* ; do
if [ -d ${dir} ] && [[ "${dir}" != "modules/pam_selinux" ]] && [[ "${dir}" != "modules/pam_sepermit" ]]; then
         [[ "${dir}" = "modules/pam_tally" ]] && continue
	if ! ls -1 %{buildroot}/%{_lib}/security/`basename ${dir}`*.so ; then
		echo ERROR `basename ${dir}` did not build a module.
		exit 1
	fi
fi
done

# Check for module problems.  Specifically, check that every module we just
# installed can actually be loaded by a minimal PAM-aware application.
/sbin/ldconfig -n %{buildroot}/%{_lib}
for module in %{buildroot}/%{_lib}/security/pam*.so ; do
	if ! env LD_LIBRARY_PATH=%{buildroot}/%{_lib} \
		sh %{SOURCE8} -ldl -lpam -L%{buildroot}/%{_lib} ${module} ; then
		echo ERROR module: ${module} cannot be loaded.
		exit 1
	fi
done

%posttrans
# (cg) Ensure that the pam_systemd.so is included for user ACLs under systemd
# Note: Only affects upgrades, but does no harm so always update if needed.
if ! grep -q "pam_systemd\.so" /etc/pam.d/system-auth; then
	echo "-session    optional      pam_systemd.so" >>/etc/pam.d/system-auth
fi

if [ ! -a /var/log/tallylog ] ; then
       install -m 600 /dev/null /var/log/tallylog
fi
if [ -f /etc/login.defs ] && ! grep -q USE_TCB /etc/login.defs; then
       /usr/sbin/set_tcb --auto --migrate
fi

%files -f Linux-PAM.lang
%doc NEWS
%docdir %{_docdir}/%{name}
%dir /etc/pam.d
%config(noreplace) /etc/environment
%config /etc/pam.d/other
%attr(0644,root,shadow) %config(noreplace) /etc/pam.d/system-auth
%attr(0644,root,shadow) %config(noreplace) /etc/pam.d/system-auth-default
%config /etc/pam.d/config-util
%config /etc/pam.d/postlogin
/sbin/mkhomedir_helper
/sbin/pam_console_apply
/sbin/pam_tally2
/sbin/unix_chkpwd
/sbin/unix_update
%attr(4755,root,root) /sbin/pam_timestamp_check
%config(noreplace) %{_sysconfdir}/security/access.conf
%config(noreplace) %{_sysconfdir}/security/chroot.conf
%config(noreplace) %{_sysconfdir}/security/console.perms
%config(noreplace) %{_sysconfdir}/security/console.handlers
%config(noreplace) %{_sysconfdir}/security/group.conf
%config(noreplace) %{_sysconfdir}/security/limits.conf
%config(noreplace) %{_sysconfdir}/security/namespace.conf
%attr(755,root,root) %config(noreplace) %{_sysconfdir}/security/namespace.init
%config(noreplace) %{_sysconfdir}/security/pam_env.conf
%config(noreplace) %{_sysconfdir}/security/time.conf
%config(noreplace) %{_sysconfdir}/security/opasswd
%config(noreplace) %{_sysconfdir}/security/limits.d/90-nproc.conf
%dir %{_sysconfdir}/security/console.apps
%dir %{_sysconfdir}/security/console.perms.d
%dir /%{_lib}/security
/%{_lib}/security/*.so
/%{_lib}/security/pam_filter
/usr/lib/tmpfiles.d/pam.conf
%dir /var/run/console
%ghost %verify(not md5 size mtime) /var/log/tallylog
%{_mandir}/man5/*
%{_mandir}/man8/*

%files -n %{libname}
/%{_lib}/libpam.so.%{major}*

%files -n %{libnamec}
/%{_lib}/libpamc.so.%{major}*

%files -n %{libname_misc}
/%{_lib}/libpam_misc.so.%{major}*

%files -n %{develname}
%doc Copyright
/%{_lib}/libpam.so
/%{_lib}/libpam_misc.so
/%{_lib}/libpamc.so
%{_includedir}/security/*.h
%{_mandir}/man3/*

%files doc
%doc doc/txts doc/specs/rfc86.0.txt Copyright
revert to 1.1.4 with best work 2012-03-22 01:18:54 +04:00			`%define major 0`
			`%define libname %mklibname %{name} %{major}`
			`%define libnamec %mklibname %{name}c %{major}`
			`%define libname_misc %mklibname %{name}_misc %{major}`
			`%define develname %mklibname %{name} -d`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00
			`%define with_prelude 0`
			`%{?_without_prelude: %{expand: %%global with_prelude 0}}`
			`%{?_with_prelude: %{expand: %%global with_prelude 1}}`

revert to 1.1.4 with best work 2012-03-22 01:18:54 +04:00			`%define bootstrap 0`
			`%{?_without_bootstrap: %global bootstrap 0}`
			`%{?_with_bootstrap: %global bootstrap 1}`

Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00			`%define pam_redhat_version 0.99.10-1`

revert to 1.1.4 with best work 2012-03-22 01:18:54 +04:00			`Epoch: 1`

Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00			`Summary: A security tool which provides authentication for applications`
			`Name: pam`
1.8.0 2014-01-21 14:49:16 +04:00			`Version: 1.1.8`
Add system-auth-default need for drakauth hack 2014-02-13 09:54:38 +04:00			`Release: 2`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00			`# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant`
			`# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,`
			`License: BSD and GPLv2+`
			`Group: System/Libraries`
revert to 1.1.4 with best work 2012-03-22 01:18:54 +04:00			`Url: http://www.kernel.org/pub/linux/libs/pam/index.html`
			`Source0: ftp://ftp.kernel.org/pub/linux/libs/pam/library/Linux-PAM-%{version}.tar.bz2`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00			`Source2: pam-redhat-%{pam_redhat_version}.tar.bz2`
			`Source5: other.pamd`
			`Source6: system-auth.pamd`
			`Source7: config-util.pamd`
			`Source8: dlopen.sh`
			`Source9: system-auth.5`
			`Source10: config-util.5`
1.8.0 2014-01-21 14:49:16 +04:00			`Source11: postlogin.pamd`
			`Source12: postlogin.5`
			`Source13: pamtmp.conf`
			`Source14: 90-nproc.conf`
revert to 1.1.4 with best work 2012-03-22 01:18:54 +04:00			`#add missing documentation`
			`Source501: pam_tty_audit.8`
			`Source502: README`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00
			`# RedHat patches`
1.8.0 2014-01-21 14:49:16 +04:00			`Patch1: pam-1.0.90-redhat-modules.patch`
			`Patch2: pam-1.1.6-std-noclose.patch`
			`Patch4: pam-1.1.0-console-nochmod.patch`
			`Patch5: pam-1.1.0-notally.patch`
			`Patch7: pam-1.1.0-console-fixes.patch`
			`Patch9: pam-1.1.6-noflex.patch`
			`Patch10: pam-1.1.3-nouserenv.patch`
			`Patch11: pam-1.1.3-console-abstract.patch`
			`Patch13: pam-1.1.5-limits-user.patch`
			`Patch22: pam-1.1.7-unix-build.patch`
			`Patch32: pam-1.1.7-tty-audit-init.patch`

			`# ROSA specific sources/patches`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00			`# (fl) fix infinite loop`
			`Patch507: pam-0.74-loop.patch`
			`# (fc) 0.75-29mdk don't complain when / is owned by root.adm`
			`Patch508: Linux-PAM-0.99.3.0-pamtimestampadm.patch`
			`# (fl) pam_xauth: set extra groups because in high security levels`
			`# access to /usr/X11R6/bin dir is controlled by a group`
			`Patch512: Linux-PAM-1.1.1-xauth-groups.patch`
			`# (tv/blino) add defaults for nice/rtprio in /etc/security/limits.conf`
revert to 1.1.4 with best work 2012-03-22 01:18:54 +04:00			`Patch517: Linux-PAM-0.99.3.0-enable_rt.patch`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00			`# (blino) fix parallel build (pam_console)`
			`Patch521: Linux-PAM-0.99.3.0-pbuild-rh.patch`

			`Patch700: pam_fix_static_pam_console.patch`
			`# (fc) do not output error when no file is in /etc/security/console.perms.d/`
			`Patch701: pam-1.1.0-console-nopermsd.patch`
revert to 1.1.4 with best work 2012-03-22 01:18:54 +04:00			`# (proyvind): add missing constant that went with rpc removal from glibc 2.14`
			`Patch702: Linux-PAM-1.1.4-add-now-missing-nis-constant.patch`

add to /etc/security/group.conf group users for default 2012-04-20 16:09:16 +04:00			`# (akdengi> add user to default group users which need for Samba`
			`Patch801: Linux-PAM-1.1.4-group_add_users.patch`

revert to 1.1.4 with best work 2012-03-22 01:18:54 +04:00			`BuildRequires: bison`
			`BuildRequires: cracklib-devel`
			`BuildRequires: flex`
			`%if !%{bootstrap}`
			`# this pulls in the mega texlive load`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00			`BuildRequires: linuxdoc-tools`
revert to 1.1.4 with best work 2012-03-22 01:18:54 +04:00			`%endif`
			`BuildRequires: db_nss-devel`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00			`BuildRequires: openssl-devel`
			`BuildRequires: libaudit-devel`
			`BuildRequires: glibc-crypt_blowfish-devel`
added BuildRequires: gettext-devel 2013-09-10 13:20:49 +04:00			`BuildRequires: gettext-devel`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00			`%if %with_prelude`
			`BuildRequires: prelude-devel >= 0.9.0`
			`%else`
			`BuildConflicts: prelude-devel`
			`%endif`
revert to 1.1.4 with best work 2012-03-22 01:18:54 +04:00			`Requires: cracklib-dicts`
			`Requires: setup >= 2.7.12-2`
			`Requires: pam_tcb >= 1.0.2-16`
			`Requires(pre): rpm-helper`
			`Requires(post): coreutils`
			`Requires(post): tcb >= 1.0.2-16`
			`Conflicts: %{_lib}pam0 < 1.1.4-5`
fix build 2014-01-21 15:47:44 +04:00			`Requires: libpwquality >= 0.9.9`

Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00
			`%description`
			`PAM (Pluggable Authentication Modules) is a system security tool that`
			`allows system administrators to set authentication policy without`
			`having to recompile programs that handle authentication.`

			`%package doc`
			`Summary: Additional documentation for %{name}`
			`Group: System/Libraries`
revert to 1.1.4 with best work 2012-03-22 01:18:54 +04:00			`Requires: %{name} = %{EVRD}`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00
			`%description doc`
revert to 1.1.4 with best work 2012-03-22 01:18:54 +04:00			`This is the documentation package of %{name}.`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00
			`%package -n %{libname}`
revert to 1.1.4 with best work 2012-03-22 01:18:54 +04:00			`Summary: Library for %{name}`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00			`Group: System/Libraries`
Automatic import for version 1.1.4-9 2012-08-07 12:05:53 +00:00			`Conflicts: pam < 1.1.4-5`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00
			`%description -n %{libname}`
revert to 1.1.4 with best work 2012-03-22 01:18:54 +04:00			`This package contains the library libpam for %{name}.`

			`%package -n %{libnamec}`
			`Summary: Library for %{name}`
			`Group: System/Libraries`
			`Conflicts: %{_lib}pam0 < 1.1.4-5`

			`%description -n %{libnamec}`
			`This package contains the library libpamc for %{name}.`

			`%package -n %{libname_misc}`
			`Summary: Library for %{name}`
			`Group: System/Libraries`
			`Conflicts: %{_lib}pam0 < 1.1.4-5`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00
revert to 1.1.4 with best work 2012-03-22 01:18:54 +04:00			`%description -n %{libname_misc}`
			`This package contains the library libpam_misc for %{name}.`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00
			`%package -n %{develname}`
			`Summary: Development headers and libraries for %{name}`
			`Group: Development/Other`
revert to 1.1.4 with best work 2012-03-22 01:18:54 +04:00			`Requires: %{libname} = %{EVRD}`
			`Requires: %{libnamec} = %{EVRD}`
			`Requires: %{libname_misc} = %{EVRD}`
			`Provides: %{name}-devel = %{EVRD}`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00
			`%description -n %{develname}`
			`PAM (Pluggable Authentication Modules) is a system security tool that`
			`allows system administrators to set authentication policy without`
			`having to recompile programs that handle authentication.`

revert to 1.1.4 with best work 2012-03-22 01:18:54 +04:00			`This package contains the development libraries for %{name}.`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00
			`%prep`
			`%setup -q -n Linux-PAM-%{version} -a 2`

			`# Add custom modules.`
			`mv pam-redhat-%{pam_redhat_version}/* modules`

1.8.0 2014-01-21 14:49:16 +04:00			`%apply_patches`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00
			`install -m644 %{SOURCE501} %{SOURCE502} modules/pam_tty_audit/`

			`mkdir -p doc/txts`
			`for readme in modules/pam_*/README ; do`
			cp -f ${readme} doc/txts/README.`dirname ${readme} \| sed -e 's\|^modules/\|\|'`
			`done`

			`#libtoolize -cf`
changed autoreconf 2013-09-10 12:41:45 +04:00			`autoreconf -ifs -I m4`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00
			`%build`
			`export BROWSER=""`
			`CFLAGS="$RPM_OPT_FLAGS -fPIC -I%{_includedir}/db_nss -D_GNU_SOURCE" \`
			`%configure2_5x \`
			`--sbindir=/sbin \`
			`--libdir=/%{_lib} \`
			`--includedir=%{_includedir}/security \`
			`--with-db-uniquename=_nss \`
			`--docdir=%{_docdir}/%{name} \`
fix build 2014-01-21 15:47:44 +04:00			`--disable-selinux \`
			`--disable-prelude`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00			`%make`

			`%install`
new version 1.1.5 2012-03-21 21:50:51 +04:00			`mkdir -p %{buildroot}%{_includedir}/security`
			`mkdir -p %{buildroot}/%{_lib}/security`
revert to 1.1.4 with best work 2012-03-22 01:18:54 +04:00			`%makeinstall_std LDCONFIG=:`
new version 1.1.5 2012-03-21 21:50:51 +04:00			`install -d -m 755 %{buildroot}/etc/pam.d`
			`install -m 644 %{SOURCE5} %{buildroot}/etc/pam.d/other`
			`install -m 644 %{SOURCE6} %{buildroot}/etc/pam.d/system-auth`
			`install -m 644 %{SOURCE7} %{buildroot}/etc/pam.d/config-util`
add postlogin pam rules 2013-11-18 11:00:12 +04:00			`install -m 644 %{SOURCE11} %{buildroot}/etc/pam.d/postlogin`
new version 1.1.5 2012-03-21 21:50:51 +04:00			`install -m 600 /dev/null %{buildroot}%{_sysconfdir}/security/opasswd`
			`install -d -m 755 %{buildroot}/var/log`
			`install -m 600 /dev/null %{buildroot}/var/log/tallylog`
1.8.0 2014-01-21 14:49:16 +04:00			`install -m 644 %{SOURCE14} %{buildroot}%{_sysconfdir}/security/limits.d/90-nproc.conf`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00
			`# Install man pages.`
add postlogin pam rules 2013-11-18 11:00:12 +04:00			`install -m 644 %{SOURCE9} %{SOURCE10} %{SOURCE12} %{buildroot}%{_mandir}/man5/`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00
			`# no longer needed, handled by ACL in udev`
revert to 1.1.4 with best work 2012-03-22 01:18:54 +04:00			`for phase in auth acct passwd session ; do`
			`ln -sf pam_unix.so %{buildroot}/%{_lib}/security/pam_unix_${phase}.so`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00			`done`

revert to 1.1.4 with best work 2012-03-22 01:18:54 +04:00			`# cleanup`
			`rm -f %{buildroot}/%{_lib}/security/*.la`
			`rm -f %{buildroot}/%{_lib}/*.la`

Fix bug #3169 - set suid bit for /sbin/unix_chkpwd 2013-11-17 10:53:12 +04:00			`#Set suid bit for /sbin/unix_chkpwd (bug #3169)`
			`chmod u+s %{buildroot}/sbin/unix_chkpwd`

add tmfiles.d config for create /run structure 2013-12-09 21:14:15 +04:00			`# Install the file for autocreation of /var/run subdirectories on boot`
			`mkdir -p %{buildroot}%{_prefix}/lib/tmfiles.d/`
			`install -m644 -D %{SOURCE13} %{buildroot}%{_prefix}/lib/tmpfiles.d/pam.conf`

Add system-auth-default need for drakauth hack 2014-02-13 09:54:38 +04:00			`# For drakauth copy system-auth to system-auth-default`
			`cp -f %{buildroot}/etc/pam.d/system-auth %{buildroot}/etc/pam.d/system-auth-default`

Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00			`%find_lang Linux-PAM`

			`%check`
			`# (blino) we don't want to test if SE Linux is built, it's disabled`
			`# Make sure every module subdirectory gave us a module. Yes, this is hackish.`
			`for dir in modules/pam_* ; do`
revert to 1.1.4 with best work 2012-03-22 01:18:54 +04:00			`if [ -d ${dir} ] && [[ "${dir}" != "modules/pam_selinux" ]] && [[ "${dir}" != "modules/pam_sepermit" ]]; then`
			`[[ "${dir}" = "modules/pam_tally" ]] && continue`
new version 1.1.5 2012-03-21 21:50:51 +04:00			if ! ls -1 %{buildroot}/%{_lib}/security/`basename ${dir}`*.so ; then
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00			echo ERROR `basename ${dir}` did not build a module.
			`exit 1`
			`fi`
			`fi`
			`done`

			`# Check for module problems. Specifically, check that every module we just`
			`# installed can actually be loaded by a minimal PAM-aware application.`
new version 1.1.5 2012-03-21 21:50:51 +04:00			`/sbin/ldconfig -n %{buildroot}/%{_lib}`
			`for module in %{buildroot}/%{_lib}/security/pam*.so ; do`
			`if ! env LD_LIBRARY_PATH=%{buildroot}/%{_lib} \`
revert to 1.1.4 with best work 2012-03-22 01:18:54 +04:00			`sh %{SOURCE8} -ldl -lpam -L%{buildroot}/%{_lib} ${module} ; then`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00			`echo ERROR module: ${module} cannot be loaded.`
			`exit 1`
			`fi`
			`done`

			`%posttrans`
new version 1.1.5 2012-03-21 21:50:51 +04:00			`# (cg) Ensure that the pam_systemd.so is included for user ACLs under systemd`
			`# Note: Only affects upgrades, but does no harm so always update if needed.`
			`if ! grep -q "pam_systemd\.so" /etc/pam.d/system-auth; then`
			`echo "-session optional pam_systemd.so" >>/etc/pam.d/system-auth`
			`fi`

Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00			`if [ ! -a /var/log/tallylog ] ; then`
			`install -m 600 /dev/null /var/log/tallylog`
			`fi`
revert to 1.1.4 with best work 2012-03-22 01:18:54 +04:00			`if [ -f /etc/login.defs ] && ! grep -q USE_TCB /etc/login.defs; then`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00			`/usr/sbin/set_tcb --auto --migrate`
			`fi`

			`%files -f Linux-PAM.lang`
fix build 2014-01-21 15:47:44 +04:00			`%doc NEWS`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00			`%docdir %{_docdir}/%{name}`
			`%dir /etc/pam.d`
			`%config(noreplace) /etc/environment`
Automatic import for version 1.1.4-9 2012-08-07 12:05:53 +00:00			`%config /etc/pam.d/other`
system-auth will not rewrite existing rule 2013-12-04 11:44:49 +04:00			`%attr(0644,root,shadow) %config(noreplace) /etc/pam.d/system-auth`
Add system-auth-default need for drakauth hack 2014-02-13 09:54:38 +04:00			`%attr(0644,root,shadow) %config(noreplace) /etc/pam.d/system-auth-default`
Automatic import for version 1.1.4-9 2012-08-07 12:05:53 +00:00			`%config /etc/pam.d/config-util`
SILENT really add postlogin file 2013-11-18 11:20:32 +04:00			`%config /etc/pam.d/postlogin`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00			`/sbin/mkhomedir_helper`
			`/sbin/pam_console_apply`
			`/sbin/pam_tally2`
			`/sbin/unix_chkpwd`
			`/sbin/unix_update`
			`%attr(4755,root,root) /sbin/pam_timestamp_check`
			`%config(noreplace) %{_sysconfdir}/security/access.conf`
			`%config(noreplace) %{_sysconfdir}/security/chroot.conf`
			`%config(noreplace) %{_sysconfdir}/security/console.perms`
			`%config(noreplace) %{_sysconfdir}/security/console.handlers`
			`%config(noreplace) %{_sysconfdir}/security/group.conf`
			`%config(noreplace) %{_sysconfdir}/security/limits.conf`
			`%config(noreplace) %{_sysconfdir}/security/namespace.conf`
			`%attr(755,root,root) %config(noreplace) %{_sysconfdir}/security/namespace.init`
			`%config(noreplace) %{_sysconfdir}/security/pam_env.conf`
			`%config(noreplace) %{_sysconfdir}/security/time.conf`
			`%config(noreplace) %{_sysconfdir}/security/opasswd`
1.8.0 2014-01-21 14:49:16 +04:00			`%config(noreplace) %{_sysconfdir}/security/limits.d/90-nproc.conf`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00			`%dir %{_sysconfdir}/security/console.apps`
			`%dir %{_sysconfdir}/security/console.perms.d`
revert to 1.1.4 with best work 2012-03-22 01:18:54 +04:00			`%dir /%{_lib}/security`
			`/%{_lib}/security/*.so`
			`/%{_lib}/security/pam_filter`
add /usr/lib/tmpfiles.d/pam.conf 2013-12-09 21:35:06 +04:00			`/usr/lib/tmpfiles.d/pam.conf`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00			`%dir /var/run/console`
			`%ghost %verify(not md5 size mtime) /var/log/tallylog`
			`%{_mandir}/man5/*`
			`%{_mandir}/man8/*`

			`%files -n %{libname}`
revert to 1.1.4 with best work 2012-03-22 01:18:54 +04:00			`/%{_lib}/libpam.so.%{major}*`

			`%files -n %{libnamec}`
			`/%{_lib}/libpamc.so.%{major}*`

			`%files -n %{libname_misc}`
			`/%{_lib}/libpam_misc.so.%{major}*`
Automatic import for version 1.1.3 2012-02-01 15:16:30 +04:00
			`%files -n %{develname}`
			`%doc Copyright`
			`/%{_lib}/libpam.so`
			`/%{_lib}/libpam_misc.so`
			`/%{_lib}/libpamc.so`
			`%{_includedir}/security/*.h`
			`%{_mandir}/man3/*`

			`%files doc`
			`%doc doc/txts doc/specs/rfc86.0.txt Copyright`